Login System
-
Trying to implement a login system, I'm struggling to get it working. I'm using Qt and MySQL - the MySQL link is functioning fine, just can't get the C++ right. Here's the code:
void MainWindow::on_pushButton_login_clicked() { QString enteredUsername = ui->lineEdit_username->text(); QString enteredPassword = ui->lineEdit_password->text(); QString username; QString password; QSqlQuery loginQuery("SELECT * FROM 'logindetails' WHERE studentID='" + enteredUsername + "' AND password='" + enteredPassword + "';"); if (!username.compare(enteredUsername) && (!password.compare(enteredPassword))) QMessageBox::information(this,"Success", "Login information is correct"); else QMessageBox::information(this,"FAIL", "Incorrect login"); /* QSqlQuery usernameQuery("SELECT studentID from userinfo.logindetails"); while (usernameQuery.next()) { QString username = usernameQuery.value(0).toString(); QMessageBox::information(this,"Success",username+ enteredUsername); } QSqlQuery passwordQuery("SELECT password from userinfo.logindetails"); while (passwordQuery.next()) { QString password = passwordQuery.value(0).toString(); QMessageBox::information(this,"Success",password+ typeid(password).name()+ enteredPassword+ typeid(enteredPassword).name()); } if (!username.compare(enteredUsername) && (!username.compare(enteredUsername))) QMessageBox::information(this,"Success", "Login information is correct"); else QMessageBox::information(this,"Failure", "Login information is incorrect"+username + password); */ -
Hi,
What query does fail ?
What are you expecting ?
Where are you getting ? -
I don't really know how to get the C++ code to query username password, then check it against the entered details. The query returns the correct values from the database. There is a username and password in the DB, i'm expecting to query it and check it with the input data. The query returns the right data but not in the correct format.
-
What format are you expecting ? And what format are you getting ?
-
@inik as a side note, you should not store passwords directly in the DB, just a hash value of the actual password. You're shouting for information security problems.
-
I don't really know how to get the C++ code to query username password, then check it against the entered details. The query returns the correct values from the database. There is a username and password in the DB, i'm expecting to query it and check it with the input data. The query returns the right data but not in the correct format.
@inik
Apart from the fact that you should indeed hash (one-way, symmetric) the password for storage (and comparison) as @Pablo-J-Rogina says, when you write:QSqlQuery loginQuery("SELECT * FROM 'logindetails' WHERE studentID='" + enteredUsername + "' AND password='" + enteredPassword + "';"); if (!username.compare(enteredUsername) && (!password.compare(enteredPassword)))by the time that query returns a row you already know both the username & password have matched since you pass them in the query, so you only need to check whether 1 row or 0 rows were returned...
For hashing, from Qt you can probably use http://doc.qt.io/qt-5/qcryptographichash.html#details. So your process is:
- When the user specifies his password, hash it and stored the hashed to the database.
- When a user tries to logon and specifies a proposed password, hash that and pass it to query like you have to see if it is same as a hash in the database row.
- So you never pass the unhashed/clear text of the password to/from the database.
